Circuit chip and a method of operating it

ABSTRACT

Secure patching of an operating system of the integrated circuit chip. A patch server encrypts a patch to the operating system of the integrated circuit chip and transmits the encrypted patch to an issuing-authority server. The issuing-authority server appends the encrypted patch into a digital certificate in an extension to the digital certificate and transmits the digital certificate including the encrypted patch to a terminal. The terminal transmits the digital certificate the integrated circuit chip. The integrated circuit chip recovers the extension to the second digital certificate and decrypts the extension using a decryption key of the manufacturer of the integrated circuit chip thereby recovering the patch to the operating system of the integrated circuit chip and installs the patch into the operating system of the integrated circuit chip.

BACKGROUND OF THE INVENTION

The present invention relates, generally, to integrated circuit chips,and, more particularly, to secure updating of the operating system ofembedded integrated circuit chips.

Secure integrated circuit chips, e.g., those found in smart cards, arean increasingly important mechanism for enhancing the security of manydevices. For example, for as long as there have been passports, therehave been forgers of passports. In an age-old cat-and-mouse game,passport issuers have sought to enhance the security of passports byintroducing security features that are ever more difficult to forgewhile forgers seek to develop techniques to foil such security features.One mechanism for enhancing the security of passports has been theintroduction of ePassports, i.e., passports that contain a secureintegrated circuit chip.

Secure integrated circuit chips are tamper-resistant integrated circuitsthat include many security features. Often such chips are used to storesensitive information such as account numbers, login credentials,cryptographic keys, personal user-information including biometrics.

While secure integrated circuit chips contain many security features toenhance their tamper-resistance, they are still subject to attack byforgers and hackers who seek to either impersonate legitimate users ofthe chips or to access, illicitly, information stored on the chips.Therefore, much like the manufacturers of old-school security documentsadded new security features, manufacturers of secure integrated circuitchips must from time-to-time add new security features to enhance thesecurity of their secure integrated circuit chips. For example, if asecurity flaw is exposed in a cryptographic algorithm, the manufacturerof the chip may be required to provide a fix to the algorithm thatcorrects the identified security flaw.

One advantage of electronic documents and other computerized devices isthe possibility of adding new features and functionality to a documentor device. For example, if a bank introduces a new service, it may benecessary to add a new feature corresponding to the new service to abank card held by customers of the bank.

Users of modern computer or networked electronic device are familiarwith, may be even annoyed by, the near-daily invitation to install asoftware patch of some sort. Indeed, frequently such patches areannounced by the operating system or application program issuer as a“critical security patch.” Such over-the-network patching is relativelytrivial for networked devices; an operating system or applicationprogram may have a built-in mechanism to inquire over the network with apatch server to determine if there is a patch available that should orcould be installed.

However, for electronic devices that do not connect to a network,patching of software is much more challenging. Consider, for example, acritical security update to an electronic passport. Electronic passport,like many other devices, are not typically in communication with aserver over a network.

Furthermore, even if connected to a network, it is essential that anyproposed patch can be trusted to not have originated from an insecure ormalicious source.

From the foregoing it is apparent that there is a need for an improvedmethod to provide secure update of operating system and other programsinstalled on secure integrated circuit chips.

SUMMARY

A method to securely patch an operating system of an integrated circuitchip includes operating a patch server to encrypt a patch to theoperating system, operating the patch server to transmit the encryptedpatch to the issuing-authority server, and operating theissuing-authority server to append the encrypted patch into a seconddigital certificate of the issuing authority in an extension to thesecond digital certificate. The issuing-authority server transmits thesecond digital certificate including the encrypted patch to theterminal. The terminal communicates with the integrated circuit chipupon presentation of the integrated circuit chip to the terminal.

To achieve those and other advantages, and in accordance with thepurpose of the invention as embodied and broadly described, theinvention proposes a method for operating an integrated circuit chipcomprising a first digital certificate of an issuing authority, a patchserver, an issuing-authority server, and a terminal to securely patch anoperating system of the integrated circuit chip, the method comprising:

operating the patch server to encrypt a patch to the operating system ofthe integrated circuit chip;

operating the patch server to transmit the encrypted patch to theissuing-authority server;

operating the issuing-authority server to append the encrypted patchinto a second digital certificate of the issuing authority in anextension to the second digital certificate;

operating the issuing-authority server to transmit the second digitalcertificate including the encrypted patch to the terminal;

operating the terminal to communicate with the integrated circuit chipupon presentation of the integrated circuit chip to the terminal;

operating the terminal to transmit the second digital certificateincluding the encrypted patch to the integrated circuit chip;

operating the integrated circuit chip to unpack the second digitalcertificate including the encrypted patch to recover the extension tothe second digital certificate; and

operating the integrated circuit chip to verify that the extension tothe second digital certificate corresponds to the operating system ofthe integrated circuit chip; and if the extension is verified tocorrespond to the operating system of the integrated circuit chip, todecrypt the extension to the second digital certificate therebyrecovering the patch to the operating system of the integrated circuitchip, and installing the patch into the operating system of theintegrated circuit chip.

The terminal transmits the second digital certificate including theencrypted patch to the integrated circuit chip.

The integrated circuit chip unpacks the second digital certificateincluding the encrypted patch to recover the extension to the seconddigital certificate and verifies that the extension to the seconddigital certificate corresponds to the operating system of theintegrated circuit chip. If the extension is verified to correspond tothe operating system of the integrated circuit chip, the integratedcircuit chip decrypts the extension to the second digital certificatethereby recovering the patch to the operating system of the integratedcircuit chip and installing the patch into the operating system of theintegrated circuit chip.

In one aspect, the patch server digitally signs the encrypted patch andthe integrated circuit chip to verifies the digital signature of theencrypted patch before installing the patch into the operating system ofthe integrated circuit chip.

In a further aspect, a key of the manufacturer of the integrated circuitchip is installed into the integrated circuit chip; and wherein thepatch server encrypts the patch using a key of the manufacturer of theintegrated circuit chip, and the integrated circuit chip decrypts theextension to the digital certificate using a key of the manufacturer.

The second digital certificate of the issuing authority may be a linkcertificate, for example, a link certificate of a country verifyingcertificate authority, that links to the first certificate of thecertificate authority stored on the integrated circuit chip.

In an aspect, the integrated circuit chip is embedded in an electronicsecurity document.

In a further aspect, the electronic security document is amachine-readable travel document.

In an aspect, a private key of the manufacturer of the integratedcircuit chip is installed into the integrated circuit chip; and whereinthe patch server encrypts the patch using the public key correspondingto the private key of the manufacturer of the integrated circuit chip,and wherein the integrated circuit chip decrypts the extension to thedigital certificate using the private key of the manufacturer.

In an aspect, a secret key of the manufacturer of the integrated circuitchip is installed into the integrated circuit chip; and wherein thepatch server encrypts the patch using the secret key corresponding tothe secret key of the manufacturer of the integrated circuit chip, andwherein the integrated circuit chip decrypts the extension to thedigital certificate using the secret key of the manufacturer.

The present invention is also related to an integrated circuit chipcomprising:

a processor; and

a memory connected to the processor and containing instructionsexecutable by the processor including an operating system; and

instructions to cause the processor to:

receive a digital certificate from a patch server via a verifierterminal, the digital certificate including an extension containing anencrypted patch for the operating system;

unpack the digital certificate thereby recovering the extension to thedigital certificate;

verify that the extension to the digital certificate corresponds to theoperating system of the integrated circuit chip; and if the extension isverified to correspond to the operating system of the integrated circuitchip, to decrypt the extension to the digital certificate therebyrecovering the patch to the operating system of the integrated circuitchip, and installing the patch into the operating system of theintegrated circuit chip.

In an aspect, the instructions of the patch loader further compriseinstructions to cause the processor to verify the digital signature ofencrypted patch prior to installing the patch into the operating systemof the integrated circuit chip.

In an aspect, the memory further includes a private key of themanufacturer of the integrated circuit chip; and wherein the patch isencrypted using the public key corresponding to the private key of themanufacturer of the integrated circuit chip, and wherein theinstructions further comprise instructions to cause the processor todecrypt the extension to the digital certificate using the private keyof the manufacturer.

In an aspect, the memory further includes a secret key of themanufacturer of the integrated circuit chip; and wherein the patch isencrypted using the shared secret key; and wherein the instructionsfurther comprise instructions to cause the processor to decrypt theextension to the digital certificate using the shared secret key of themanufacturer.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an illustration of a front cover of a passport book.

FIG. 2 is an illustration of a page of an electronic passport thatincludes an integrated circuit chip as an inlay in the page.

FIG. 3 is a high-level block diagram of an architecture of theintegrated circuit chip of FIG. 2.

FIG. 4 is a block diagram illustrating data and programs stored in amemory that corresponds to the memory of FIG. 3.

FIG. 5 is a network diagram illustrating the flow of a patch from amanufacturer server to a device or document containing an integratedcircuit chip 203 (not shown) via a network.

FIG. 6 is a schematic of programs and data that may be included in amemory of an integrated circuit chip of an electronic passport.

FIG. 7 is a schematic illustration of a digital certificate that has acertificate body and a certificate extensions part.

FIG. 8 is a schematic illustration of a certificate extensions part foran electronic passport embodiment.

FIG. 9 is a data flow diagram illustrating the population of requiredkeys on an integrated circuit chip, corresponding to an integratedcircuit chip of FIG. 2.

FIG. 10, which is composed of FIGS. 10a and 10 b, is a data flow diagramof the usage phase of the life cycle of an integrated circuit chip.

DETAILED DESCRIPTION OF THE INVENTION

In the following detailed description, reference is made to theaccompanying drawings that show, by way of illustration, specificembodiments in which the invention may be practiced. These embodimentsare described in sufficient detail to enable those skilled in the art topractice the invention. It is to be understood that the variousembodiments of the invention, although different, are not necessarilymutually exclusive. For example, a particular feature, structure, orcharacteristic described herein in connection with one embodiment may beimplemented within other embodiments without departing from the spiritand scope of the invention. In addition, it is to be understood that thelocation or arrangement of individual elements within each disclosedembodiment may be modified without departing from the spirit and scopeof the invention. The following detailed description is, therefore, notto be taken in a limiting sense, and the scope of the present inventionis defined only by the appended claims, appropriately interpreted, alongwith the full range of equivalents to which the claims are entitled. Inthe drawings, like numerals refer to the same or similar functionalitythroughout the several views.

The following description includes references to various methodsexecuted by a processor of an integrated circuit chip. As is common inthe field, there may be phrases herein that indicate these methods ormethod steps are performed by software instructions or software modules.As a person skilled in the art knows, such descriptions should be takento mean that a processor, in fact, executes the methods, softwareinstructions, and software modules.

The herein described technology provides a secure in-the-field softwareupdate mechanism for secure integrated circuit chips.

FIG. 1 is an illustration of a front cover of a passport book 100. Asymbol 101 indicates that the passport is an electronic passportcontaining an integrated circuit chip that may be read by a terminal ata border passport control station.

FIG. 2 is an illustration of a page 201 of an electronic passport 100that includes an integrated circuit chip 203 as an inlay in the page201. The page 201 also contains an antenna 205 connected to theintegrated circuit chip 203 by which the integrated circuit chip 203communicates with terminals.

FIG. 3 is a high-level block diagram of an architecture of theintegrated circuit chip 203 and the antenna 205. The integrated circuitchip 203 contains a processor 301 and a memory structure 303, whichstores data and programs executable by the processor 301. The memorystructure 303 may contain one or more of each of a random-access memory(RAM) 305, read-only memory (ROM) 307, and non-volatile programmablememory (NVM) 309. The memory devices 305, 307, and 309 are connected tothe processor 301 via a bus 311.

The integrated circuit chip 203 further contains an input/outputinterface 313 for communicating to external devices, e.g., a terminal,via the antenna 205. For contactless communication, the input/outputinterface 313 may communicate with a terminal over the ISO 14443protocol.

In alternative embodiments the integrated circuit chip 203 may includeelectrical contacts (not shown) for communicating over a contactinterface to a terminal, for example, according to the ISO-7816 protocolor the Universal Serial Bus (USB) protocol.

FIG. 4 is a block diagram illustrating data and programs stored in amemory 403 that corresponds to the memory 303 of FIG. 3. In a preferredembodiment, the data and programs illustrated as stored in the memory403 are stored in an NVM 409 that corresponds to the NVM 309 of FIG. 3.However, other memory organizations are possible.

The memory 403 contains programs 401 and personalization data 451. Theprograms 401 are computer program instructions that cause the processor301 to perform certain actions. The programs 401 include an operatingsystem 405 and applications programs 407.

The operating system 405, in turn, contains a variety of operatingsystem functions 409 and a patch loader 411. The operating systemfunctions 409 may include, for example, a virtual machine for executingthe application programs 407 and memory management functions.

The patch loader 411, which is described in greater detail below,performs functions related to receiving a patch, verifying that thepatch originates with the manufacturer of the integrated circuit chip203 (or from another trusted source), decrypting an encrypted patch, andinstalling the patch into the operating system 405.

FIG. 5 is a network diagram illustrating the flow of a patch 507 from amanufacturer 501 to a device or document 503 containing an integratedcircuit chip 203 (not shown) via a network 505. The manufacturer, e.g.,the manufacturer of the integrated circuit chip 203 creates a patch 507to the operating system 409. The manufacturer encrypts and signs thepatch and transmits the signed encrypted patch 509 to an ICC deviceissuer 511, e.g., a national passport issuing authority.

The ICC device issuer 513 incorporates the signed encrypted patch 509into a digital certificate 513, e.g., a link certificate that links anexpired or expiring digital certificate to a replacement digitalcertificate, and transmits the digital certificate 513 to a terminal515, e.g., a passport verifier terminal operated at a passport controlat a national border or port-of-entry.

A bearer of the device 503, e.g., a traveler carrying an electronicpassport, presents the device 503 to the terminal 515. A communicationslink is established between the device 503 and the terminal. Thecommunications link may be either a contact-based communications linkoperating over, for example, the ISO 7816 protocol or Universal SerialBus protocol, or a contactless communications link, e.g., near fieldcommunication (NFC) or communication over the ISO/IEC 14443 protocol.

The terminal 515 then transmits the digital certificate 513 to thedevice 503 as part of a terminal authentication process 517.

Returning now to FIG. 4, the patch loader 411 receives a patch that issigned and encrypted from the issuer authority via a terminal. Uponreceipt of the signed and encrypted patch, the patch loader 411 verifiesthe source of the patch, decrypts the patch, and installs the patch inthe operating system 405.

While the mechanisms described herein apply to patching the operatingsystem 405, the mechanisms may also be used in patching applicationprograms 407. Indeed, the boundary between application programs 407 andoperating system 405 may be rather blurry in some environments.

The personalization data 451 may include user data 453, system keys 455,and patch keys 457. The user data 453 may include biographicalinformation—such as name and birthdate, biometric data—such asphotograph, fingerprint, and retina scans, account information, and userkeys. The system keys 455 may include root certificates. The patch keys457 include keys that are used to verify the origin of a patch file andto decrypt a patch file.

FIG. 6 is a schematic of programs and data that may be included in amemory 603 (e.g., and NVM 609) of an integrated circuit chip of anelectronic passport 100 where the memory 603 and NVM 609 correspond tothe memory 303 and NVM 309 of FIG. 3 as well as the memory 403 and theNVM 409 of FIG. 4, respectively, and contains programs 601,corresponding to programs 401 of FIG. 4, including an operating system609.

For an ePassport, the operating system 609 may include various ePassportfunctions, such as Basic Access Control (BAC) 613, Active Authentication615, Password Authentication Connection Establishment 617, ChipAuthentication 619, and Terminal Authentication 621. These ePassportfunctions are described in Bundesamt für Sicherheit in derInformationstechnik, BSI TR-03110 Technical Guideline Advanced SecurityMechanisms for Machine Readable Travel Documents and eIDAS Token,https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html,accessed on, Oct. 30, 2018 (hereinafter, “TR-03110”) and inInternational Civil Aviation Organization (ICAO), Doc 9303, MachineReadable Travel Documents,https://www.icao.int/publications/pages/publication.aspx?docnum=9303,accessed on Oct. 30, 2018.

The operating system 609 further includes the patch loader 611, whichcorresponds to the patch loader 411 of FIG. 4.

For an electronic passport embodiment as illustrated in FIG. 6, theapplication program 407 of FIG. 4 may be a passport application 607,which may grant access to the user data 653 depending on authenticationcontext 613, 617, 621.

As discussed in conjunction with FIG. 4, the personalization data maycontain certain personal information 653. In the context of electronicpassports, this may include passport number as well as travelinformation.

An electronic passport performs various verification functions, e.g.,terminal authentication 621, to verify that the sensitive informationstored therein is not obtained by an entity that does not have therequisite authorization to access the information. One mechanism is byverifying that certificates provided by the terminal have been signed bya trusted certificate authority. To do so, the integrated circuit chipof an electronic passport contains a Country Verifying CertificateAuthority certificate (C_(CVCA)) 659 in the system keys 655.

The patch loader 611 verifies the signed encrypted patch using a publicsignature key of the manufacturer (PK_(ManSign)) 661 and if theverification is positive, the patch loader decrypts the encrypted patch509 using a secret key of the manufacturer (SK_(Man)) 663. Themanufacturer secret key (SK_(Man)) 663 may be either a shared secret keyor a private key of a PKI (Public Key Infrastructure) keypair.

The issuing authority 511 incorporates the signed encrypted patch into adigital certificate 513. FIG. 7 is a schematic illustration of a digitalcertificate 701 that has a certificate body 703 and a certificateextensions part 705.

The certificate body 703 may contain a public key of a certificateauthority and certain other pertinent information, e.g., validity dates.

The certificate extensions part 705 contains one or more certificateextensions 707 each following a prescribed template. A certificateextension 707 is introduced by an object identifier 709 followed by asequence of context dependent data objects 711. The object identifier709 may identify to which integrated circuit chip the extension 707pertains, e.g., the manufacturer of the integrated circuit chip, so thatintegrated circuit chips to which the extension 707 does not apply mayignore the extension 707.

In one embodiment, the certificate extensions part 705 and certificateextensions 707 follow the format described in Bundesamt für Sicherheitin der Informationstechnik, BSI TR-03110 Technical Guideline AdvancedSecurity Mechanisms for Machine Readable Travel Documents and eIDASToken, Part 3: Common Specifications,https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html,accessed on, Oct. 30, 2018, (incorporated herein by reference) at pages89-90.

FIG. 8 is a schematic illustration of a certificate extensions part 805,corresponding to the certificate extensions part 705 of FIG. 7, forexample, for an electronic passport embodiment. The certificateextensions part 805 includes a certificate extension 807 that has anobject identifier 809 which identifies the extension as a patchoriginating with Claire Greystone Enterprises Corporation (CGE Corp., afictitious corporation). Integrated circuit chips not originating fromCGE Corp. may ignore the extension 807. Indeed, such other ICCs wouldnot have the requisite keys to decrypt the patch. The certificateextension 807 further includes encrypted patch and signature 811.

FIG. 9 is a data flow diagram illustrating the population of requiredkeys on an integrated circuit chip 907, corresponding to an integratedcircuit chip 203 of FIG. 2. As noted above, the patching of anintegrated circuit chip includes four nodes: the manufacturing server901 operated by a manufacturer 501, an issuing-authority server 903operated by the integrated circuit chip issuer 511, the terminal 905corresponding to the terminal 515, and the integrated circuit chip 907corresponding to the integrated circuit chip 203. Integrated circuitchips go through various phases during their life cycle. A first phaseis the manufacturing phase 909 during which the manufacturer generatesencryption, decryption, and signature keys, step 911.

The integrated circuit chip 907 decrypts the encrypted patch 509 usingthe decryption key of the manufacturer. The encryption and decryption ofthe patch may be based on either shared secret cryptography or PKI. Ineither, the decryption key is a secret key of the manufacturer and isthus depicted here as SK_(Man) 913. In an alternative embodiment, theencryption is performed using a public key. In such an embodiment, themanufacturer may also generate and store a public key of themanufacturer (PK_(Man)) 915.

The signing of the encrypted patch 509 and verification of the signatureis performed using PKI. Thus, the manufacturer generates a PKI keypair,the public signature key of the manufacturer (PK_(ManSign)) 917 and thecorresponding secret signature key of the manufacturer (SK_(ManSign))919. The manufacturer server 901 transmits the PKManSign key 917 and theSK_(Man) key 913 to the integrated circuit chip 907, step 921, and theintegrated circuit chip 907 stores the keys in the memory of theintegrated circuit chip 907, step 923. The steps 921 and 923 oftransmitting and storing may be performed using a write operation inwhich the manufacturer server 901 writes directly into the memory of theintegrated circuit chip 907.

The personalization and issuance phase 951 follows the manufacturingphase 909 in the life cycle of an integrated circuit chip 203. Duringpersonalization 951 the issuing-authority server 903 obtains user info,step 953, e.g., biographical and biometric information associated withthe card holder, step 955, which is then transmitted to the integratedcircuit chip 907, which in turn stores the user info, step 957.

The issuing-authority server 903 also transmits the public key(PK_(IssAuth)) 959 of the issuing authority to the integrated circuitchip 907, step 961.

The integrated circuit chip 907 stores the key PK_(IssAuth) 959, step963. The public key PK_(IssAuth) 959 may be a digital certificate. In anelectronic passport embodiment the public key may be the certificate ofthe Country Verifying Certificate Authority (C_(CVCA)) as described inTR-31110.

FIGS. 10a and 10b combine to form a data flow diagram of the usage phase971 (consisting of a first portion 971 a of FIG. 10a and a secondportion 971 b of FIG. 10b ) of the life cycle of an integrated circuitchip 907. During the usage phase 971, the integrated circuit chip 907has been incorporated into a device, e.g., a smartcard or an electronicpassport. From time-to-time during the usage phase 971, the user, e.g.,a traveler, may present the integrated circuit chip 907, or more thedevice in which it is incorporated, to a terminal 905.

During the usage of an integrated circuit chip 907, there may be a needor desire to update the operating system of the integrated circuit chip907 by developing operating system patches, step 973.

To ensure that that patch is only available to an authorized integratedcircuit chip 907 and not accessible to any other parties, themanufacturer server 901 encrypts the patch, step 975. The encryption mayeither be using a shared secret key (SK_(Man)) of the manufacturer:

PATCH_(ENC) =E(SK_(MAN),PATCH)

Or, according to PKI, using a public key (PK_(Man)) of the manufacturer:

PATCH_(ENC) =E(PK_(MAN),PATCH)

The manufacturer server 901 also signs the encrypted patch PATCH_(ENC)producing a signed encrypted patch (PATCH_(SIGN)), step 977. The signedencrypted patch is produced using PKI by signing with the secret signingkey of the manufacturer (SK_(ManSign)):

PATCH_(SIGN)=SIGN(SK_(ManSign), PATCH_(ENC))

The manufacturer server 901 transmits the signed encrypted patch(PATCH_(SIGN)) to the issuing-authority server 903, step 979.

Optionally, the issuing-authority server 903 verifies the signature ofthe signed encrypted patch, step 981. If the verification fails (pathnot illustrated), an error condition is flagged and an error correctiveaction, e.g., terminating the process or alerting relevant authoritiesof a potential attempted security breach, is taken.

Alternatively, the issuing-authority server 903 simply transmits (asdescribed below) the signed encrypted patch to the ICC withoutverification of the signature of the issuing-authority.

If the signature verification of step 981 is successful (or notperformed), the issuing-authority adds the signed encrypted patch(PATCH_(SIGN)) to a digital certificate, e.g., as a certificateextension to a link certificate (CERT_(LINK)), step 983, as describedhereinabove.

Continuing now on FIG. 10B. The issuing-authority server 903 transmitsthe digital certificate (CERT_(LINK)) to the terminal 905, step 985.

A user presents the integrated circuit chip 907 to the terminal 905,step 987. The terminal and integrated circuit chip 907 establish acommunication channel.

During a terminal authentication phase 989, the terminal 905 transmitsthe digital certificate to the integrated circuit chip 907, step 991.

The integrated circuit chip 907 unpacks the digital certificate, step993, to recover the certificate extension 707.

The integrated circuit chip reads the object identifier tag 709 of thecertificate extension 707. If the object identifier tag 709 correspondsto the manufacture of the integrated circuit chip 907, the integratedcircuit chip proceeds with installing the operating system patch carriedin the digital certificate. Otherwise, if the object identifier tag 709does not correspond to the manufacture of the integrated circuit chip907, the integrated circuit chip 907 ignores the extension 707.

The integrated circuit chip 907 verifies the digital certificate 991 asmatching the manufacturer 901 and being signed by a trusted certificateauthority, step 993. If the verification is unsuccessful, an errorcondition is flagged and corrective action taken (not illustrated).

The digital signature is a match for the integrated circuit chip 907manufacturer, the integrated circuit chip 907 decrypts the encryptedpatch, step 997:

PATCH=D(SK_(MAN),PATCH_(ENC))

Finally, the integrated circuit chip 907 installs the patch into theoperating system 405.

From the foregoing it will be apparent that an efficient and securemechanism for in-field installation of operating system patches in anoperating system of an integrated circuit chip is provided.

Although specific embodiments of the invention have been described andillustrated, the invention is not to be limited to the specific forms orarrangements of parts so described and illustrated. The invention islimited only by the claims.

We claim:
 1. A method for operating an integrated circuit chipcomprising a first digital certificate of an issuing authority, a patchserver, an issuing-authority server, and a terminal to securely patch anoperating system of the integrated circuit chip, the method comprising:operating the patch server to encrypt a patch to the operating system ofthe integrated circuit chip; operating the patch server to transmit theencrypted patch to the issuing-authority server; operating theissuing-authority server to append the encrypted patch into a seconddigital certificate of the issuing authority in an extension to thesecond digital certificate; operating the issuing-authority server totransmit the second digital certificate including the encrypted patch tothe terminal; operating the terminal to communicate with the integratedcircuit chip upon presentation of the integrated circuit chip to theterminal; operating the terminal to transmit the second digitalcertificate including the encrypted patch to the integrated circuitchip; operating the integrated circuit chip to unpack the second digitalcertificate including the encrypted patch to recover the extension tothe second digital certificate; and operating the integrated circuitchip to verify that the extension to the second digital certificatecorresponds to the operating system of the integrated circuit chip; andif the extension is verified to correspond to the operating system ofthe integrated circuit chip, to decrypt the extension to the seconddigital certificate thereby recovering the patch to the operating systemof the integrated circuit chip, and installing the patch into theoperating system of the integrated circuit chip.
 2. The method accordingto claim 1, further comprising: operating the patch server to digitallysign the encrypted patch; and operating the integrated circuit chip toverify the digital signature of encrypted patch prior to installing thepatch into the operating system of the integrated circuit chip.
 3. Themethod of claim 1, further comprising a preliminary step of installing aprivate key of the manufacturer of the integrated circuit chip into theintegrated circuit chip; and wherein the patch server encrypts the patchusing the public key corresponding to the private key of themanufacturer of the integrated circuit chip, and wherein the integratedcircuit chip decrypts the extension to the digital certificate using theprivate key of the manufacturer.
 4. The method of claim 1, furthercomprising a preliminary step of installing a secret key of themanufacturer of the integrated circuit chip into the integrated circuitchip; and wherein the patch server encrypts the patch using the secretkey corresponding to the secret key of the manufacturer of theintegrated circuit chip, and wherein the integrated circuit chipdecrypts the extension to the digital certificate using the secret keyof the manufacturer.
 5. The method of claim 1 wherein the second digitalcertificate of the issuing authority is a link certificate that links tothe first certificate of the certificate authority stored on theintegrated circuit chip.
 6. The method of claim 1 wherein the linkcertificate is a country verifying certificate authority linkcertificate and the extension to the link certificate contains an objectidentifier indicating the manufacturer of the integrated circuit chip ashaving originated the extension to the link certificate.
 7. The methodof claim 1 wherein the integrated circuit chip is embedded in anelectronic security document.
 8. The method of claim 1 wherein theelectronic security document is a machine readable travel document. 9.An integrated circuit chip comprising: a processor; and a memoryconnected to the processor and containing instructions executable by theprocessor including an operating system; and instructions to cause theprocessor to: receive a digital certificate from a patch server via averifier terminal, the digital certificate including an extensioncontaining an encrypted patch for the operating system; unpack thedigital certificate thereby recovering the extension to the digitalcertificate; verify that the extension to the digital certificatecorresponds to the operating system of the integrated circuit chip; andif the extension is verified to correspond to the operating system ofthe integrated circuit chip, to decrypt the extension to the digitalcertificate thereby recovering the patch to the operating system of theintegrated circuit chip, and installing the patch into the operatingsystem of the integrated circuit chip.
 10. The integrated circuit chipof claim 9 where the instructions of the patch loader further compriseinstructions to cause the processor to verify the digital signature ofencrypted patch prior to installing the patch into the operating systemof the integrated circuit chip.
 11. The integrated circuit chip of claim9 wherein the memory further includes a private key of the manufacturerof the integrated circuit chip; and wherein the patch is encrypted usingthe public key corresponding to the private key of the manufacturer ofthe integrated circuit chip, and wherein the instructions furthercomprise instructions to cause the processor to decrypt the extension tothe digital certificate using the private key of the manufacturer. 12.The integrated circuit chip of claim 9 wherein the memory furtherincludes a secret key of the manufacturer of the integrated circuitchip; and wherein the patch is encrypted using the shared secret key;and wherein the instructions further comprise instructions to cause theprocessor to decrypt the extension to the digital certificate using theshared secret key of the manufacturer.
 13. The integrated circuit chipof claim 9 wherein the second digital certificate of the issuingauthority is a link certificate that links to the first certificate ofthe certificate authority stored on the integrated circuit chip.
 14. Theintegrated circuit chip of claim 13 wherein the link certificate is acountry verifying certificate authority link certificate and theextension to the link certificate contains an object identifierindicating the manufacturer of the integrated circuit chip as havingoriginated the extension to the link certificate.
 15. The integratedcircuit chip of claim 9 wherein the integrated circuit chip is embeddedin an electronic security document.
 16. The integrated circuit chip ofclaim 9 wherein the electronic security document is a machine readabletravel document.
 17. The method of claim 2, further comprising apreliminary step of installing a private key of the manufacturer of theintegrated circuit chip into the integrated circuit chip; and whereinthe patch server encrypts the patch using the public key correspondingto the private key of the manufacturer of the integrated circuit chip,and wherein the integrated circuit chip decrypts the extension to thedigital certificate using the private key of the manufacturer.
 18. Themethod of claim 2, further comprising a preliminary step of installing asecret key of the manufacturer of the integrated circuit chip into theintegrated circuit chip; and wherein the patch server encrypts the patchusing the secret key corresponding to the secret key of the manufacturerof the integrated circuit chip, and wherein the integrated circuit chipdecrypts the extension to the digital certificate using the secret keyof the manufacturer.
 19. The integrated circuit chip of claim 10 whereinthe memory further includes a private key of the manufacturer of theintegrated circuit chip; and wherein the patch is encrypted using thepublic key corresponding to the private key of the manufacturer of theintegrated circuit chip, and wherein the instructions further compriseinstructions to cause the processor to decrypt the extension to thedigital certificate using the private key of the manufacturer.
 20. Theintegrated circuit chip of claim 10 wherein the memory further includesa secret key of the manufacturer of the integrated circuit chip; andwherein the patch is encrypted using the shared secret key; and whereinthe instructions further comprise instructions to cause the processor todecrypt the extension to the digital certificate using the shared secretkey of the manufacturer.